DAOD 8001-1, Canadian Special Operations Forces Command – Information and Asset Security Management

1. Introduction

Date of Issue: 2015-12-17

Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Supersession: NDHQ Instruction DCDS 05/1993, 28 May 1993

Approval Authorities:

  • Deputy Minister; and
  • Chief of Defence Staff

Enquiries: Deputy Commander Canadian Special Operations Forces Command (DComd CANSOFCOM)

2. Definitions

information security (sécurité des informations)

The protection of information against unauthorized disclosure, transfer, modification or destruction, whether accidental or intentional.

Note – Information may exist in the human mind, in document form and in electronic form. Information in the human mind will be protected by the use of appropriate personnel security measures. Information in document form will be protected by the use of appropriate document security measures. Information in electronic form will be protected by the use of appropriate INFOSEC measures. (Defence Terminology Bank record number 13819)

information technology system (système de technologie de l’information)

An assembly of computer hardware, software or firmware, either stand-alone or interconnected, that is used to process or transmit data, or to control mechanical or other devices. (Defence Terminology Bank record number 48262)

need-to-know principle (principe de connaissance sélective)

Limiting access to information to those whose duties require such access. (Defence Terminology Bank record number 46756)

operations security (sécurité des operations)

The analytical process used to identify, recommend and implement measures to mitigate any unacceptable risk of unclassified information and observable activities being exploited by an adversary to deny or disrupt military operations. (Defence Terminology Bank record number 28052)

security (sécurité)

The condition achieved when designated information, material, personnel, activities and installations are protected against espionage, sabotage, subversion, terrorism and damage, as well as against loss or unauthorized disclosure. (Defence Terminology Bank record number 43546)

special operations (opérations spéciales)

Military activities conducted by specially designated, organized, selected, trained and equipped forces using unconventional techniques and modes of employment. (Defence Terminology Bank record number 18752)

Top of Page

3. Overview

General

3.1 The National Defence Security Orders and Directives (NDSODs) require the safeguarding of the confidentiality of government information within the DND and the CAF. Information relating to the force development, force generation and force employment of special operations task forces (SOTFs) and special operations forces (SOF) teams is information that requires confidentiality to achieve operational tasks. The failure to provide confidentiality is detrimental to national security, the success of SOTFs and SOF teams in achieving operational tasks, and the safety of personnel.

3.2 The CAF conducts operations combining SOF with conventional forces and continues to expand the use of SOF. As a consequence, increasing numbers of DND employees and CAF members require access to CANSOFCOM information and assets to perform assigned duties. Day-to-day operations require information security of CANSOFCOM information. Any failure to achieve information security of CANSOFCOM information may increase the risk to the Government of Canada (GC), DND, CAF and individuals.

Note – CANSOFCOM information is described in detail in paragraph 3.4 of DAOD 8001-0, Canadian Special Operations Forces Command – Information and Asset Security.

Top of Page

4. Security Categories and Markings

General

4.1 Only the Comd CANSOFCOM or a designated official may:

  1. determine the security categories (classifications and protections) of CANSOFCOM information and assets;
  2. determine additional security markings that identify access, distribution, use and reproduction restrictions respecting CANSOFCOM information and assets;
  3. provide access to security categorization guides developed by CANSOFCOM to permit derivative marking by the DND and the CAF; and
  4. resolve challenges to security categories and marking decisions.

4.2 Any information or asset that is subject to a challenge of the security category or marking decision of the Comd CANSOFCOM or a designated official must retain the original security category or marking until the challenge is resolved and the results are implemented.

4.3 There is a right of access which applies to any record under the control of the DND or the CAF unless the record qualifies for an exemption or is specifically excluded from the application of the Access to Information Act or the Privacy Act. All decisions that any CANSOFCOM information requires a security category or marking must relate directly to the exemption and exclusion criteria found in the Access to Information Act and the Privacy Act.

Top of Page

5. Management of Information and Assets

General

5.1 A DND employee or CAF member who is responsible for CANSOFCOM information and assets must ensure that the information and assets are:

  1. properly controlled at all times within the DND and the CAF;
  2. subject to explicit and unambiguous requirements for access under the need-to-know principle;
  3. disclosed, in the case of information, if necessary to satisfy a legal requirement under the Access to Information Act, Privacy Act, Canada Evidence Act, Public Servants Disclosure Protection Act or other legislation; and
  4. disclosed, in the case of information or assets, to other GC employees, CAF members or foreign governments only when authorized by the Comd CANSOFCOM or a designated official.

5.2 Unless information is disclosed in accordance with a legal requirement (see subparagraph 5.1.c), a DND employee or CAF member who is authorized to disclose CANSOFCOM information must ensure that any recipient:

  1. possesses the requisite security clearance or reliability status;
  2. has satisfied the need-to-know principle;
  3. has been authorized by the Comd CANSOFCOM or a designated official to access, process or possess the information; and
  4. has been briefed on applicable markings.

Note – Approval by other applicable DND and CAF authorities may also be required if the CANSOFCOM information contains information subject to other restrictions, for example intelligence or controlled goods.

5.3 For purposes of DAOD 1001-1, Formal Requests for Access to Departmental Information, and DAOD 1001-2, Informal Requests for Access to Departmental Information, CANSOFCOM is an office of primary interest that must be consulted prior to the disclosure of any records that contain CANSOFCOM information.

Public Affairs (PA)

5.4 All PA activities that include or are related to CANSOFCOM information must be coordinated with the CANSOFCOM PA officer, who will coordinate these activities with the Assistant Deputy Minister (PA) and applicable staff in accordance with the DAOD 2008 series and relevant communications plans.

5.5 The Comd CANSOFCOM or a designated official may grant approval to a DND employee or CAF member to disclose:

  1. CANSOFCOM information to the media; and
  2. the identity or image of any CANSOFCOM DND employee, CAF member, contractor or advisor.

5.6 All public requests for CANSOFCOM information, other than a request based on a legal requirement mentioned in subparagraph 5.1.c, must be directed to the CANSOFCOM PA officer. This includes requests for:

  1. disclosure of CANSOFCOM information to the media; and
  2. permission of a DND employee and CAF member to speak to the media relating to CANSOFCOM information or assets.

Unauthorized Disclosure

5.7 Any unauthorized disclosure of CANSOFCOM information contravenes the PGS, Values and Ethics Code for the Public Sector, the NDSI and NDSP. Unauthorized disclosure may also constitute an offence under the Security of Information Act and the National Defence Act.

5.8 A DND employee or CAF member must report any actual or suspected unauthorized disclosure of CANSOFCOM information to their supervisor or unit security officer.

Security Categorization and Markings

5.9 DND employees and CAF members must apply:

  1. the authorized security categorization and markings to all CANSOFCOM information and assets; and
  2. the security category “unclassified” in the case of unclassified CANSOFCOM information or assets.

Electronic Storage, Processing and Transmission

5.10 DND employees and CAF members must ensure that CANSOFCOM information is stored, processed and transmitted only on authorized GC, DND or CAF information technology systems or communications devices that have been approved for the highest security category or the most restrictive marking of the information. CANSOFCOM information may also be stored, processed and transmitted on authorized GC, DND or CAF information technology systems or communications devices that have been approved at a higher security category or more restrictive marking.

Handling of CANSOFCOM Records

5.11 DND employees and CAF members must ensure that all CANSOFCOM records are handled in accordance with the Defence Subject Classification and Disposition System.

Casualty and Repatriation Information

5.12 DND employees and CAF members must ensure that casualty information resulting from CANSOFCOM operations, exercises or other activities are not disclosed without prior CANSOFCOM authorization. Detailed direction on the administration of casualties and the repatriation of CANSOFCOM personnel is available from CANSOFCOM J1.

Honours and Awards

5.13 The circumstances surrounding the submission of honours or awards relating to CANSOFCOM activities, including those for DND employees and CAF members temporarily attached or employed with CANSOFCOM, require special procedures to safeguard operational and personal information. CANSOFCOM must be consulted when a DND employee or CAF member is nominated for an honour or award relating to CANSOFCOM employment or service.

Approval of Visits

5.14 Only the Comd CANSOFCOM or a designated official may authorize visits to any domestic or foreign CANSOFCOM facility, unit, site or activity. All visits must be planned and conducted in accordance with:

  1. the DAOD 2001 series;
  2. CFAO 20-5, Temporary Duty – DND Personnel; and
  3. NDSI 44, Visits to and from DND.

Contracting

5.15 In addition to the specific guidance on contracting in the Defence Security Manual, Chapter 2, Contracts and the Security Requirements Checklist, any contract that provides for access, storage or use of CANSOFCOM information or assets must include binding provisions that identify additional security measures for the information or assets. Any contract that will provide access to CANSOFCOM information or assets must also include a security categorization guide for the CANSOFCOM information or assets.

5.16 Only the Comd CANSOFCOM or a designated official may approve the disclosure of CANSOFCOM information by a contractor, including disclosure by a contractor to a sub-contractor.

Top of Page

6. Consequences

Consequences of Non-Compliance

6.1 Non-compliance with this DAOD may have consequences for both the DND and the CAF as institutions, and for DND employees and CAF members as individuals. Suspected non-compliance may be investigated. The nature and severity of the consequences resulting from actual non-compliance will be commensurate with the circumstances of the non-compliance. Consequences of non-compliance may include one or more of the following:

  1. the ordering of the completion of appropriate learning, training or professional development;
  2. increased reporting and performance monitoring;
  3. the withdrawal of any authority provided under this DAOD to a DND employee or CAF member;
  4. the reporting of suspected offences to responsible law enforcement agencies;
  5. the liability of Her Majesty in right of Canada;
  6. the application of specific consequences as set out in applicable laws, codes of conduct, and DND and CAF policies and instructions; and
  7. other administrative or disciplinary action, or both.

Note – In respect of the compliance of DND employees, see the Treasury Board Framework for the Management of Compliance for additional information.

Top of Page

7. Responsibilities

Responsibilities Table

7.1 The following table identifies the responsibilities associated with this DAOD:

The … is or are responsible for …

level one advisors

  • implementing the DAOD 8001 series during any operations, training or administration involving CANSOFCOM personnel, information or assets.

Assistant Deputy Minister (Finance) / Chief Financial Officer

  • implementing controls to safeguard classified or protected CANSOFCOM financial information.

Comd CANSOFCOM

  • providing DND and CAF access to security categorization guides for CANSOFCOM information and assets.

DComd CANSOFCOM

  • implementing an operations security program.
Director General Defence Security
  • ensuring the safeguarding of CANSOFCOM information and assets under the Defence Security Program.

8. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References

Top of Page

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: